Diffstat (limited to 'src/starter/starter.c')
-rw-r--r-- | src/starter/starter.c | 1116 |
1 files changed, 559 insertions, 557 deletions
diff --git a/src/starter/starter.c b/src/starter/starter.c
index e4ad5286c..2d2f452b5 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -10,8 +10,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * RCSID $Id: starter.c 4632 2008-11-11 18:37:19Z martin $
 */
 #include <sys/types.h>
@@ -71,662 +69,666 @@ static unsigned int _action_ = 0; static void fsig(int signal) { - switch (signal) - { - case SIGCHLD: + switch (signal) { - int status; - pid_t pid; - char *name = NULL; - - while ((pid = waitpid(-1, &status, WNOHANG)) > 0) - { - if (pid == starter_pluto_pid()) - name = " (Pluto)"; - if (pid == starter_charon_pid()) - name = " (Charon)"; - if (WIFSIGNALED(status)) - DBG(DBG_CONTROL, - DBG_log("child %d%s has been killed by sig %d\n", - pid, name?name:"", WTERMSIG(status)) - ) - else if (WIFSTOPPED(status)) - DBG(DBG_CONTROL, - DBG_log("child %d%s has been stopped by sig %d\n", - pid, name?name:"", WSTOPSIG(status)) - ) - else if (WIFEXITED(status)) - DBG(DBG_CONTROL, - DBG_log("child %d%s has quit (exit code %d)\n", - pid, name?name:"", WEXITSTATUS(status)) - ) - else - DBG(DBG_CONTROL, - DBG_log("child %d%s has quit", pid, name?name:"") - ) - if (pid == starter_pluto_pid()) - starter_pluto_sigchild(pid); - if (pid == starter_charon_pid()) - starter_charon_sigchild(pid); - } + case SIGCHLD: + { + int status; + pid_t pid; + char *name = NULL; + + while ((pid = waitpid(-1, &status, WNOHANG)) > 0) + { + if (pid == starter_pluto_pid()) + name = " (Pluto)"; + if (pid == starter_charon_pid()) + name = " (Charon)"; + if (WIFSIGNALED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has been killed by sig %d\n", + pid, name?name:"", WTERMSIG(status)) + ) + else if (WIFSTOPPED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has been stopped by sig %d\n", + pid, name?name:"", WSTOPSIG(status)) + ) + else if (WIFEXITED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has quit (exit code %d)\n", + pid, name?name:"", WEXITSTATUS(status)) + ) + else + DBG(DBG_CONTROL, + DBG_log("child %d%s has quit", pid, name?name:"") + ) + if (pid == starter_pluto_pid()) + starter_pluto_sigchild(pid); + if (pid == starter_charon_pid()) + starter_charon_sigchild(pid); + } + } + break; + + case SIGPIPE: + /** ignore **/ + break; + + case SIGALRM: + _action_ |= 
FLAG_ACTION_START_PLUTO; + _action_ |= FLAG_ACTION_START_CHARON; + break; + + case SIGHUP: + _action_ |= FLAG_ACTION_UPDATE; + break; + + case SIGTERM: + case SIGQUIT: + case SIGINT: + _action_ |= FLAG_ACTION_QUIT; + break; + + case SIGUSR1: + _action_ |= FLAG_ACTION_RELOAD; + _action_ |= FLAG_ACTION_UPDATE; + break; + + default: + plog("fsig(): unknown signal %d -- investigate", signal); + break; } - break; - - case SIGPIPE: - /** ignore **/ - break; - - case SIGALRM: - _action_ |= FLAG_ACTION_START_PLUTO; - _action_ |= FLAG_ACTION_START_CHARON; - break; - - case SIGHUP: - _action_ |= FLAG_ACTION_UPDATE; - break; - - case SIGTERM: - case SIGQUIT: - case SIGINT: - _action_ |= FLAG_ACTION_QUIT; - break; - - case SIGUSR1: - _action_ |= FLAG_ACTION_RELOAD; - _action_ |= FLAG_ACTION_UPDATE; - break; - - default: - plog("fsig(): unknown signal %d -- investigate", signal); - break; - } } static void generate_selfcert() { - struct stat stb; - - /* if ipsec.secrets file is missing then generate RSA default key pair */ - if (stat(SECRETS_FILE, &stb) != 0) - { - mode_t oldmask; - FILE *f; - uid_t uid = 0; - gid_t gid = 0; + struct stat stb; + + /* if ipsec.secrets file is missing then generate RSA default key pair */ + if (stat(SECRETS_FILE, &stb) != 0) + { + mode_t oldmask; + FILE *f; + uid_t uid = 0; + gid_t gid = 0; #ifdef IPSEC_GROUP - { - char buf[1024]; - struct group group, *grp; - - if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && - grp) { - gid = grp->gr_gid; + char buf[1024]; + struct group group, *grp; + + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp) + { + gid = grp->gr_gid; + } } - } #endif #ifdef IPSEC_USER - { - char buf[1024]; - struct passwd passwd, *pwp; - - if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && - pwp) { - uid = pwp->pw_uid; + char buf[1024]; + struct passwd passwd, *pwp; + + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp) + { + uid = pwp->pw_uid; + } + } 
+#endif + setegid(gid); + seteuid(uid); + ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); + seteuid(0); + setegid(0); + + /* ipsec.secrets is root readable only */ + oldmask = umask(0066); + + f = fopen(SECRETS_FILE, "w"); + if (f) + { + fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); + fprintf(f, "\n"); + fprintf(f, ": RSA myKey.der\n"); + fclose(f); } + ignore_result(chown(SECRETS_FILE, uid, gid)); + umask(oldmask); } -#endif - setegid(gid); - seteuid(uid); - ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); - seteuid(0); - setegid(0); - - /* ipsec.secrets is root readable only */ - oldmask = umask(0066); - - f = fopen(SECRETS_FILE, "w"); - if (f) - { - fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); - fprintf(f, "\n"); - fprintf(f, ": RSA myKey.der\n"); - fclose(f); - } - ignore_result(chown(SECRETS_FILE, uid, gid)); - umask(oldmask); - } } static void usage(char *name) { - fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] " - "[--debug|--debug-more|--debug-all]\n"); - exit(LSB_RC_INVALID_ARGUMENT); + fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] " + "[--debug|--debug-more|--debug-all]\n"); + exit(LSB_RC_INVALID_ARGUMENT); } int main (int argc, char **argv) { - starter_config_t *cfg = NULL; - starter_config_t *new_cfg; - starter_conn_t *conn, *conn2; - starter_ca_t *ca, *ca2; - - struct stat stb; - - char *err = NULL; - int i; - int id = 1; - struct timeval tv; - unsigned long auto_update = 0; - time_t last_reload; - bool no_fork = FALSE; - - /* global variables defined in log.h */ - log_to_stderr = TRUE; - base_debugging = DBG_NONE; - - /* parse command line */ - for (i = 1; i < argc; i++) - { - if (streq(argv[i], "--debug")) + starter_config_t *cfg = NULL; + starter_config_t *new_cfg; + starter_conn_t *conn, *conn2; + starter_ca_t *ca, *ca2; + + struct stat stb; + + char *err = NULL; + int i; + int id = 1; + struct timeval 
tv; + unsigned long auto_update = 0; + time_t last_reload; + bool no_fork = FALSE; + bool attach_gdb = FALSE; + + /* global variables defined in log.h */ + log_to_stderr = TRUE; + base_debugging = DBG_NONE; + + /* parse command line */ + for (i = 1; i < argc; i++) { - base_debugging |= DBG_CONTROL; + if (streq(argv[i], "--debug")) + { + base_debugging |= DBG_CONTROL; + } + else if (streq(argv[i], "--debug-more")) + { + base_debugging |= DBG_CONTROLMORE; + } + else if (streq(argv[i], "--debug-all")) + { + base_debugging |= DBG_ALL; + } + else if (streq(argv[i], "--nofork")) + { + no_fork = TRUE; + } + else if (streq(argv[i], "--attach-gdb")) + { + no_fork = TRUE; + attach_gdb = TRUE; + } + else if (streq(argv[i], "--auto-update") && i+1 < argc) + { + auto_update = atoi(argv[++i]); + if (!auto_update) + usage(argv[0]); + } + else + { + usage(argv[0]); + } } - else if (streq(argv[i], "--debug-more")) + + /* Init */ + init_log("ipsec_starter"); + cur_debugging = base_debugging; + + signal(SIGHUP, fsig); + signal(SIGCHLD, fsig); + signal(SIGPIPE, fsig); + signal(SIGINT, fsig); + signal(SIGTERM, fsig); + signal(SIGQUIT, fsig); + signal(SIGALRM, fsig); + signal(SIGUSR1, fsig); + + plog("Starting strongSwan "VERSION" IPsec [starter]..."); + + /* verify that we can start */ + if (getuid() != 0) { - base_debugging |= DBG_CONTROLMORE; + plog("permission denied (must be superuser)"); + exit(LSB_RC_NOT_ALLOWED); } - else if (streq(argv[i], "--debug-all")) + + if (stat(PLUTO_PID_FILE, &stb) == 0) { - base_debugging |= DBG_ALL; + plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); } - else if (streq(argv[i], "--nofork")) + else { - no_fork = TRUE; + _action_ |= FLAG_ACTION_START_PLUTO; } - else if (streq(argv[i], "--auto-update") && i+1 < argc) + if (stat(CHARON_PID_FILE, &stb) == 0) { - auto_update = atoi(argv[++i]); - if (!auto_update) - usage(argv[0]); + plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); } 
else { - usage(argv[0]); + _action_ |= FLAG_ACTION_START_CHARON; } - } - - /* Init */ - init_log("ipsec_starter"); - cur_debugging = base_debugging; - - signal(SIGHUP, fsig); - signal(SIGCHLD, fsig); - signal(SIGPIPE, fsig); - signal(SIGINT, fsig); - signal(SIGTERM, fsig); - signal(SIGQUIT, fsig); - signal(SIGALRM, fsig); - signal(SIGUSR1, fsig); - - plog("Starting strongSwan %s IPsec [starter]...", ipsec_version_code()); - - /* verify that we can start */ - if (getuid() != 0) - { - plog("permission denied (must be superuser)"); - exit(LSB_RC_NOT_ALLOWED); - } - - if (stat(PLUTO_PID_FILE, &stb) == 0) - { - plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); - } - else - { - _action_ |= FLAG_ACTION_START_PLUTO; - } - if (stat(CHARON_PID_FILE, &stb) == 0) - { - plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); - } - else - { - _action_ |= FLAG_ACTION_START_CHARON; - } - if (stat(DEV_RANDOM, &stb) != 0) - { - plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); - exit(LSB_RC_FAILURE); - } - - if (stat(DEV_URANDOM, &stb)!= 0) - { - plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM); - exit(LSB_RC_FAILURE); - } - - cfg = confread_load(CONFIG_FILE); - if (cfg == NULL || cfg->err > 0) - { - plog("unable to start strongSwan -- fatal errors in config"); - if (cfg) + if (stat(DEV_RANDOM, &stb) != 0) { - confread_free(cfg); + plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); + exit(LSB_RC_FAILURE); } - exit(LSB_RC_INVALID_ARGUMENT); - } - /* determine if we have a native netkey IPsec stack */ - if (!starter_netkey_init()) - { - plog("no netkey IPSec stack detected"); - if (!starter_klips_init()) + if (stat(DEV_URANDOM, &stb)!= 0) { - plog("no KLIPS IPSec stack detected"); - exit(LSB_RC_FAILURE); + plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM); + exit(LSB_RC_FAILURE); } - } - - last_reload = time(NULL); - - if (stat(STARTER_PID_FILE, &stb) == 0) - { 
- plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); - exit(LSB_RC_SUCCESS); - } - - generate_selfcert(); - - /* fork if we're not debugging stuff */ - if (!no_fork) - { - log_to_stderr = FALSE; - switch (fork()) + cfg = confread_load(CONFIG_FILE); + if (cfg == NULL || cfg->err > 0) { - case 0: - { - int fnull = open("/dev/null", O_RDWR); - - if (fnull >= 0) + plog("unable to start strongSwan -- fatal errors in config"); + if (cfg) { - dup2(fnull, STDIN_FILENO); - dup2(fnull, STDOUT_FILENO); - dup2(fnull, STDERR_FILENO); - close(fnull); + confread_free(cfg); } - setsid(); - } - break; - case -1: - plog("can't fork: %s", strerror(errno)); - break; - default: - exit(LSB_RC_SUCCESS); + exit(LSB_RC_INVALID_ARGUMENT); } - } - /* save pid file in /var/run/starter.pid */ - { - FILE *fd = fopen(STARTER_PID_FILE, "w"); - - if (fd) + /* determine if we have a native netkey IPsec stack */ + if (!starter_netkey_init()) { - fprintf(fd, "%u\n", getpid()); - fclose(fd); + plog("no netkey IPsec stack detected"); + if (!starter_klips_init()) + { + plog("no KLIPS IPsec stack detected"); + plog("no known IPsec stack detected, ignoring!"); + } } - } - - for (;;) - { - /* - * Stop pluto/charon (if started) and exit - */ - if (_action_ & FLAG_ACTION_QUIT) + + last_reload = time(NULL); + + if (stat(STARTER_PID_FILE, &stb) == 0) { - if (starter_pluto_pid()) - starter_stop_pluto(); - if (starter_charon_pid()) - starter_stop_charon(); - starter_netkey_cleanup(); - confread_free(cfg); - unlink(STARTER_PID_FILE); - unlink(INFO_FILE); -#ifdef LEAK_DETECTIVE - report_leaks(); -#endif /* LEAK_DETECTIVE */ - close_log(); - plog("ipsec starter stopped"); - exit(LSB_RC_SUCCESS); + plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); + exit(LSB_RC_SUCCESS); } + + generate_selfcert(); - /* - * Delete all connections. 
Will be added below - */ - if (_action_ & FLAG_ACTION_RELOAD) + /* fork if we're not debugging stuff */ + if (!no_fork) { - if (starter_pluto_pid() || starter_charon_pid()) - { - for (conn = cfg->conn_first; conn; conn = conn->next) + log_to_stderr = FALSE; + + switch (fork()) { - if (conn->state == STATE_ADDED) - { - if (starter_charon_pid()) - { - starter_stroke_del_conn(conn); - } - if (starter_pluto_pid()) + case 0: { - starter_whack_del_conn(conn); + int fnull = open("/dev/null", O_RDWR); + + if (fnull >= 0) + { + dup2(fnull, STDIN_FILENO); + dup2(fnull, STDOUT_FILENO); + dup2(fnull, STDERR_FILENO); + close(fnull); + } + setsid(); } - conn->state = STATE_TO_ADD; - } + break; + case -1: + plog("can't fork: %s", strerror(errno)); + break; + default: + exit(LSB_RC_SUCCESS); } - for (ca = cfg->ca_first; ca; ca = ca->next) + } + + /* save pid file in /var/run/starter.pid */ + { + FILE *fd = fopen(STARTER_PID_FILE, "w"); + + if (fd) { - if (ca->state == STATE_ADDED) - { - if (starter_charon_pid()) - { - starter_stroke_del_ca(ca); - } - if (starter_pluto_pid()) - { - starter_whack_del_ca(ca); - } - ca->state = STATE_TO_ADD; - } + fprintf(fd, "%u\n", getpid()); + fclose(fd); } - } - _action_ &= ~FLAG_ACTION_RELOAD; } - /* - * Update configuration - */ - if (_action_ & FLAG_ACTION_UPDATE) + for (;;) { - err = NULL; - DBG(DBG_CONTROL, - DBG_log("Reloading config...") - ); - new_cfg = confread_load(CONFIG_FILE); - - if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0)) - { - /* Switch to new config. 
New conn will be loaded below */ - if (!starter_cmp_defaultroute(&new_cfg->defaultroute - , &cfg->defaultroute)) + /* + * Stop pluto/charon (if started) and exit + */ + if (_action_ & FLAG_ACTION_QUIT) { - _action_ |= FLAG_ACTION_LISTEN; + if (starter_pluto_pid()) + starter_stop_pluto(); + if (starter_charon_pid()) + starter_stop_charon(); + starter_netkey_cleanup(); + confread_free(cfg); + unlink(STARTER_PID_FILE); + unlink(INFO_FILE); +#ifdef LEAK_DETECTIVE + report_leaks(); +#endif /* LEAK_DETECTIVE */ + close_log(); + plog("ipsec starter stopped"); + exit(LSB_RC_SUCCESS); } - if (!starter_cmp_pluto(cfg, new_cfg)) + /* + * Delete all connections. Will be added below + */ + if (_action_ & FLAG_ACTION_RELOAD) { - plog("Pluto has changed"); - if (starter_pluto_pid()) - starter_stop_pluto(); - _action_ &= ~FLAG_ACTION_LISTEN; - _action_ |= FLAG_ACTION_START_PLUTO; + if (starter_pluto_pid() || starter_charon_pid()) + { + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) + { + if (starter_charon_pid()) + { + starter_stroke_del_conn(conn); + } + if (starter_pluto_pid()) + { + starter_whack_del_conn(conn); + } + conn->state = STATE_TO_ADD; + } + } + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_ADDED) + { + if (starter_charon_pid()) + { + starter_stroke_del_ca(ca); + } + if (starter_pluto_pid()) + { + starter_whack_del_ca(ca); + } + ca->state = STATE_TO_ADD; + } + } + } + _action_ &= ~FLAG_ACTION_RELOAD; } - else + + /* + * Update configuration + */ + if (_action_ & FLAG_ACTION_UPDATE) { - /* Only reload conn and ca sections if pluto is not killed */ + err = NULL; + DBG(DBG_CONTROL, + DBG_log("Reloading config...") + ); + new_cfg = confread_load(CONFIG_FILE); - /* Look for new connections that are already loaded */ - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) + if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0)) { - for (conn2 = 
new_cfg->conn_first; conn2; conn2 = conn2->next) - { - if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2)) + /* Switch to new config. New conn will be loaded below */ + if (!starter_cmp_defaultroute(&new_cfg->defaultroute + , &cfg->defaultroute)) { - conn->state = STATE_REPLACED; - conn2->state = STATE_ADDED; - conn2->id = conn->id; - break; + _action_ |= FLAG_ACTION_LISTEN; } - } - } - } - /* Remove conn sections that have become unused */ - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) + if (!starter_cmp_pluto(cfg, new_cfg)) + { + plog("Pluto has changed"); + if (starter_pluto_pid()) + starter_stop_pluto(); + _action_ &= ~FLAG_ACTION_LISTEN; + _action_ |= FLAG_ACTION_START_PLUTO; + } + else + { + /* Only reload conn and ca sections if pluto is not killed */ + + /* Look for new connections that are already loaded */ + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) + { + for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next) + { + if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2)) + { + conn->state = STATE_REPLACED; + conn2->state = STATE_ADDED; + conn2->id = conn->id; + break; + } + } + } + } + + /* Remove conn sections that have become unused */ + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) + { + if (starter_charon_pid()) + { + starter_stroke_del_conn(conn); + } + if (starter_pluto_pid()) + { + starter_whack_del_conn(conn); + } + } + } + + /* Look for new ca sections that are already loaded */ + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_ADDED) + { + for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next) + { + if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2)) + { + ca->state = STATE_REPLACED; + ca2->state = STATE_ADDED; + break; + } + } + } + } + + /* Remove ca sections that have become unused */ + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if 
(ca->state == STATE_ADDED) + { + if (starter_charon_pid()) + { + starter_stroke_del_ca(ca); + } + if (starter_pluto_pid()) + { + starter_whack_del_ca(ca); + } + } + } + } + confread_free(cfg); + cfg = new_cfg; + } + else { - if (starter_charon_pid()) - { - starter_stroke_del_conn(conn); - } - if (starter_pluto_pid()) - { - starter_whack_del_conn(conn); - } + plog("can't reload config file due to errors -- keeping old one"); + if (new_cfg) + { + confread_free(new_cfg); + } } - } + _action_ &= ~FLAG_ACTION_UPDATE; + last_reload = time(NULL); + } - /* Look for new ca sections that are already loaded */ - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_ADDED) + /* + * Start pluto + */ + if (_action_ & FLAG_ACTION_START_PLUTO) + { + if (cfg->setup.plutostart && !starter_pluto_pid()) { - for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next) - { - if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2)) + DBG(DBG_CONTROL, + DBG_log("Attempting to start pluto...") + ); + + if (starter_start_pluto(cfg, no_fork, attach_gdb) == 0) + { + starter_whack_listen(); + } + else { - ca->state = STATE_REPLACED; - ca2->state = STATE_ADDED; - break; + /* schedule next try */ + alarm(PLUTO_RESTART_DELAY); } - } } - } + _action_ &= ~FLAG_ACTION_START_PLUTO; - /* Remove ca sections that have become unused */ - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_ADDED) + for (ca = cfg->ca_first; ca; ca = ca->next) { - if (starter_charon_pid()) - { - starter_stroke_del_ca(ca); - } - if (starter_pluto_pid()) - { - starter_whack_del_ca(ca); - } + if (ca->state == STATE_ADDED) + ca->state = STATE_TO_ADD; } - } - } - confread_free(cfg); - cfg = new_cfg; - } - else - { - plog("can't reload config file due to errors -- keeping old one"); - if (new_cfg) - { - confread_free(new_cfg); - } - } - _action_ &= ~FLAG_ACTION_UPDATE; - last_reload = time(NULL); - } - /* - * Start pluto - */ - if (_action_ & FLAG_ACTION_START_PLUTO) - { - if 
(cfg->setup.plutostart && !starter_pluto_pid()) - { - DBG(DBG_CONTROL, - DBG_log("Attempting to start pluto...") - ); - - if (starter_start_pluto(cfg, no_fork) == 0) - { - starter_whack_listen(); - } - else - { - /* schedule next try */ - alarm(PLUTO_RESTART_DELAY); + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) + conn->state = STATE_TO_ADD; + } } - } - _action_ &= ~FLAG_ACTION_START_PLUTO; - - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_ADDED) - ca->state = STATE_TO_ADD; - } - - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) - conn->state = STATE_TO_ADD; - } - } - - /* - * Start charon - */ - if (_action_ & FLAG_ACTION_START_CHARON) - { - if (cfg->setup.charonstart && !starter_charon_pid()) - { - DBG(DBG_CONTROL, - DBG_log("Attempting to start charon...") - ); - if (starter_start_charon(cfg, no_fork)) + + /* + * Start charon + */ + if (_action_ & FLAG_ACTION_START_CHARON) { - /* schedule next try */ - alarm(PLUTO_RESTART_DELAY); + if (cfg->setup.charonstart && !starter_charon_pid()) + { + DBG(DBG_CONTROL, + DBG_log("Attempting to start charon...") + ); + if (starter_start_charon(cfg, no_fork, attach_gdb)) + { + /* schedule next try */ + alarm(PLUTO_RESTART_DELAY); + } + starter_stroke_configure(cfg); + } + _action_ &= ~FLAG_ACTION_START_CHARON; } - starter_stroke_configure(cfg); - } - _action_ &= ~FLAG_ACTION_START_CHARON; - } - - /* - * Tell pluto to reread its interfaces - */ - if (_action_ & FLAG_ACTION_LISTEN) - { - if (starter_pluto_pid()) - { - starter_whack_listen(); - _action_ &= ~FLAG_ACTION_LISTEN; - } - } - /* - * Add stale conn and ca sections - */ - if (starter_pluto_pid() || starter_charon_pid()) - { - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_TO_ADD) + /* + * Tell pluto to reread its interfaces + */ + if (_action_ & FLAG_ACTION_LISTEN) { - if (starter_charon_pid()) - { - starter_stroke_add_ca(ca); - 
} - if (starter_pluto_pid()) - { - starter_whack_add_ca(ca); - } - ca->state = STATE_ADDED; + if (starter_pluto_pid()) + { + starter_whack_listen(); + _action_ &= ~FLAG_ACTION_LISTEN; + } } - } - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_TO_ADD) + /* + * Add stale conn and ca sections + */ + if (starter_pluto_pid() || starter_charon_pid()) { - if (conn->id == 0) - { - /* affect new unique id */ - conn->id = id++; - } - if (starter_charon_pid()) - { - starter_stroke_add_conn(cfg, conn); - } - if (starter_pluto_pid()) - { - starter_whack_add_conn(conn); - } - conn->state = STATE_ADDED; - - if (conn->startup == STARTUP_START) - { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + for (ca = cfg->ca_first; ca; ca = ca->next) { - if (starter_charon_pid()) - { - starter_stroke_initiate_conn(conn); - } - } - else - { - if (starter_pluto_pid()) - { - starter_whack_initiate_conn(conn); - } - } - } - else if (conn->startup == STARTUP_ROUTE) - { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) - { - if (starter_charon_pid()) - { - starter_stroke_route_conn(conn); - } + if (ca->state == STATE_TO_ADD) + { + if (starter_charon_pid()) + { + starter_stroke_add_ca(ca); + } + if (starter_pluto_pid()) + { + starter_whack_add_ca(ca); + } + ca->state = STATE_ADDED; + } } - else + + for (conn = cfg->conn_first; conn; conn = conn->next) { - if (starter_pluto_pid()) - { - starter_whack_route_conn(conn); - } + if (conn->state == STATE_TO_ADD) + { + if (conn->id == 0) + { + /* affect new unique id */ + conn->id = id++; + } + if (starter_charon_pid()) + { + starter_stroke_add_conn(cfg, conn); + } + if (starter_pluto_pid()) + { + starter_whack_add_conn(conn); + } + conn->state = STATE_ADDED; + + if (conn->startup == STARTUP_START) + { + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + { + if (starter_charon_pid()) + { + starter_stroke_initiate_conn(conn); + } + } + else + { + if (starter_pluto_pid()) + { + starter_whack_initiate_conn(conn); + } + } + } + 
else if (conn->startup == STARTUP_ROUTE) + { + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + { + if (starter_charon_pid()) + { + starter_stroke_route_conn(conn); + } + } + else + { + if (starter_pluto_pid()) + { + starter_whack_route_conn(conn); + } + } + } + } } - } } - } - } - /* - * If auto_update activated, when to stop select - */ - if (auto_update) - { - time_t now = time(NULL); + /* + * If auto_update activated, when to stop select + */ + if (auto_update) + { + time_t now = time(NULL); - tv.tv_sec = (now < last_reload + auto_update) - ? (last_reload + auto_update-now) : 0; - tv.tv_usec = 0; - } + tv.tv_sec = (now < last_reload + auto_update) + ? (last_reload + auto_update-now) : 0; + tv.tv_usec = 0; + } - /* - * Wait for something to happen - */ - if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0) - { - /* timeout -> auto_update */ - _action_ |= FLAG_ACTION_UPDATE; + /* + * Wait for something to happen + */ + if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0) + { + /* timeout -> auto_update */ + _action_ |= FLAG_ACTION_UPDATE; + } } - } - exit(LSB_RC_SUCCESS); + exit(LSB_RC_SUCCESS); } |
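Review bot: The effective-id drop in generate_selfcert is unchecked: `setegid(gid)` and `seteuid(uid)` can fail, and the following `system("ipsec scepclient ...")` then runs with the starter's full root privileges (main has already verified `getuid() == 0`). Guard the call on the drop succeeding, e.g. `if (setegid(gid) == 0 && seteuid(uid) == 0) { ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); }`, and keep the unconditional `seteuid(0); setegid(0);` restore that follows; a `plog()` on the failure branch would make the skipped key generation visible in the log. Separately, the new `--attach-gdb` switch parsed in main is not mentioned in usage(); add `[--attach-gdb]` to the usage string unless it is intentionally undocumented. The change from `exit(LSB_RC_FAILURE)` to "no known IPsec stack detected, ignoring!" means `starter_netkey_cleanup()` is later called on quit without a detected stack; that looks harmless only if the cleanup tolerates an uninitialised netkey state, which is not visible here.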